0bcbbc589f588d531ebb4aecd4c1dcd7_JaffaCakes118

General

Target

0bcbbc589f588d531ebb4aecd4c1dcd7_JaffaCakes118
Size

21KB
MD5

0bcbbc589f588d531ebb4aecd4c1dcd7
SHA1

cfe8dfdc223674f9a986d0e403177d15556bcc5b
SHA256

be4236460b6a6806a7f6d44a77d480ebdbf2cd9b067f55fb81d014724d2a3eb8
SHA512

bb9b560ab63d40f1c6b5397b8a380875dd3c2964357fae4838417b999b09462757b5cedd3c67c042997e19e38ec32315a0d0bc06fa2e40ebd48b292525cffcad
SSDEEP

384:Vo5CgK3xeH3srGrsIpcDPNoFNNViXhlT:25ukSWcjeH3M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bcbbc589f588d531ebb4aecd4c1dcd7_JaffaCakes118

Files

0bcbbc589f588d531ebb4aecd4c1dcd7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

42441f5a20e5f5a87ab5a5e730ac748f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
free
_beginthreadex
time
fseek
fread
fclose
strchr
atoi
memcpy
strtok
strrchr
malloc
wcscmp
_strrev
_stricmp
__CxxFrameHandler
abs
sprintf
strncmp
strcat
fopen
fgets
strcmp
strstr
strcpy
strlen
??2@YAPAXI@Z
memset
??3@YAXPAX@Z

kernel32

GetPrivateProfileStringA
OutputDebugStringA
GetModuleFileNameA
WaitForSingleObject
Sleep
GetFileSize
ExitProcess
GetModuleHandleA
VirtualProtect
GlobalAlloc
GlobalLock
CreateFileA
WriteFile
GlobalUnlock
GlobalFree
GetSystemDirectoryA
LoadLibraryA
CloseHandle
CreateThread
WideCharToMultiByte
MultiByteToWideChar
GetTempPathA
GetCommandLineA
WritePrivateProfileStringA
GetProcAddress

user32

GetClientRect
GetDC
wsprintfA
GetClassNameA
GetWindowTextA
ReleaseDC
GetWindowRect
GetDesktopWindow
EnumWindows

ws2_32

recv
socket
send
htons
connect
inet_ntoa
closesocket
WSAStartup
gethostbyname
inet_addr
WSACleanup

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
BitBlt
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA

gdiplus

GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipAlloc
GdipFree
GdipGetImageEncoders
GdiplusStartup
GdipLoadImageFromFile
GdipGetImageEncodersSize

urlmon

URLDownloadToFileA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetReadFile

Exports

Exports

DriverProc
modMessage
modmCallback

Sections

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42441f5a20e5f5a87ab5a5e730ac748f

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

gdi32

gdiplus

urlmon

wininet

Exports

Exports

Sections

.data Size: 18KB - Virtual size: 18KB

.reloc Size: 1KB - Virtual size: 1KB

.data
Size: 18KB - Virtual size: 18KB

.reloc
Size: 1KB - Virtual size: 1KB